HSBC has been hit by the largest-ever fine for losing confidential private information on customers - twice.

The High Street bank has been fined a total of nearly £3.2 million for losing in the post on two separate occasions the details of 180,000 life insurance customers and nearly 2000 members of another company's pension scheme.

The Financial Services Authority (FSA) fined HSBC for its failure to have the most basic systems and controls in place to protect customers' names, addresses, dates of birth and national insurance numbers from being lost or stolen.

In an era of growing identity theft and high-profile personal data losses by the likes of the Inland Revenue and the security forces, Margaret Cole, the FSA's director of enforcement, said: "These breaches are very disappointing."

While it is understood none of the lost information has been used fraudulently, neither of the two disks has been recovered.

"HSBC failed their customers by being careless with personal details which could have ended up in the hands of criminals," said Cole. "It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt them to do more to protect their customers' details.

"Fraud, particularly identity theft, is a major concern to everyone, and firms must ensure that their data security systems and controls are constantly reviewed and updated to tackle this growing threat."

And she warned: "In areas where we have previously warned firms of the need to improve, people can expect to see fines increase to deter others and change behaviour in the industry."

HSBC's first loss in the post was an unencrypted floppy disk containing details about members of a pension fund in 2007.

The bank warned its insurance arm over the issue, only for HSBC Life to then lose a CD containing the unencrypted details of customers six months later.

When the FSA swooped to investigate HSBC, it found unencrypted customer details routinely being sent by post or courier while other confidential customer information left lying around the office could easily have been stolen.

The largest previous fine from the FSA over customer data loss was £1.26 million against Norwich Union, now Aviva.

The FSA said HSBC would have copped a fine of more than £4.5 million if it had not fully co-operated with the investigation.